Skip Menu |

Preferred bug tracker

Please visit the preferred bug tracker to report your issue.

This queue is for tickets about the CGI CPAN distribution.

Report information
The Basics
Id: 30940
Status: resolved
Priority: 0/
Queue: CGI

Owner: Nobody in particular
Requestors: dsteinbrunner [...]
peter [...]

Bug Information
Severity: Wishlist
Broken in: (no value)
Fixed in: (no value)


Subject: Document CGI::Util's escape and unescape methods
Download (untitled) / with headers
text/plain 232b
CGI::Util's escape and unescape methods are useful outside of just the internals of Because of this, it would be nice if these methods had exposure in the documentation so that they would be more accessible to developers.
Download (untitled) / with headers
text/plain 411b
On Fri Nov 23 12:02:29 2007, wrote: Show quoted text
> CGI::Util's escape and unescape methods are useful outside of just the > internals of > Because of this, it would be nice if these methods had exposure in the > documentation so that > they would be more accessible to developers.
I agree. To move this bug report forward, next we'll need a patch which includes the requested documentation.
Download (untitled) / with headers
text/plain 843b
In theory, I think this documentation should be able to be taken almost verbatim from URI::Escape: In reality, I think there are a number of subtle but important differences between the approaches, and I'm no encoding expert to understand them. I tried porting a few of the tests from URI::Escape to to see if they passed. Here are the first few: use Test::More 'no_plan'; use CGI::Util qw(escape unescape); use utf8; is(escape(undef), undef); is(escape("|abcå"), "%7Cabc%E5"); is(unescape("%7Cabc%e5"),"|abcå"); The first one, the "undef" case, always passes. The second and third fail if the "use utf8;" line is commented out, and the second test fails even with "use utf8;" turned on. I don't know if that's a bug, or an intended difference in how they are implemented.
Download (untitled) / with headers
text/plain 1.2k
perlfaq9 has this question: "How do I decode or create those %-encodings on the web?", and the answer begins: Show quoted text
> If you are writing a CGI script, you should be using the module > that comes with perl, or some other equivalent module.
And yes, CGI imports escape and unescape from CGI::Utils but perldoc CGI::Utils says: Show quoted text
> DESCRIPTION: no public subroutines
So I guess using CGI::escape and CGI::unescape amounts to using undocumented features of CGI. In light of that, I suggest the answer to the FAQ to be misleading. At least I have no idea how to "decode or create those %-encodings on the web" from reading perldoc CGI. So therefore I suggest documenting escape and unescape in perldoc CGI. I've created a simple patch for that (attached and at I hope this can be included in future CGI releases. In any event, I find the FAQ answer is not currently useful as far as CGI goes. This post was made after consulting perl.perlfaq.workers. See e.g. (Also, perldoc CGI has: Show quoted text
> Address bug reports and comments to:
If that is no longer appropriate, perhaps should change on that account too. Feel free to let me know if you want me to open a separate ticket for that.)
Subject: CGI-document-un_escape.patch
--- 2010-01-29 15:41:54.000000000 +0100 +++ 2010-06-28 08:56:49.000000000 +0200 @@ -255,6 +255,7 @@ ':html' => [qw/:html2 :html3 :html4 :netscape/], ':standard' => [qw/:html2 :html3 :html4 :form :cgi/], ':push' => [qw/multipart_init multipart_start multipart_end multipart_final/], + ':escape' => [qw/escape unescape/], ':all' => [qw/:html2 :html3 :netscape :form :cgi :internal :html4/] ); @@ -4878,6 +4879,10 @@ Import all HTML-generating shortcuts (i.e. 'html2', 'html3', 'html4' and 'netscape') +=item B<:escape> + +Import the escape and unescape methods + =item B<:standard> Import "standard" features, 'html2', 'html3', 'html4', 'form' and 'cgi'. @@ -5698,6 +5703,20 @@ ), hr; +=head2 ESCAPING/ENCODING AND UNESCAPING/DECODING URL STRINGS + +URL parameters are encoded in what is also known as Percent-encoding +L<> + + use CGI ':escape'; + my $string = "Hello World"; + my $escaped = escape($string); + print $escaped, "\n"; + die "How could unescape(escape($string)) ne $string" + unless unescape($escaped) eq $string; + +prints out "Hello%20World" + =head2 PROVIDING ARGUMENTS TO HTML SHORTCUTS The HTML methods will accept zero, one or multiple arguments. If you
Subject: Re: [ #59077] escape / unescape docs
Date: Mon, 5 Jul 2010 09:30:08 -0400
To: bug-CGI [...]
From: Mark Stosberg <mark [...]>
Download (untitled) / with headers
text/plain 335b
Thanks for the contribution! I agree that "escape" and "unescape" should be documented. I would like to see thee docs in the main documentation along with nearly everything else. I thought there was already existing bug report about this. The bug tracker appears to be down for a bit so I can't check on it now. Mark
Download (untitled) / with headers
text/plain 267b
Peter, Would you care to comment on how we might account for the differences between CGI's implementation and that of URI::Escape? We could use some help determining if the difference implies that one has a bug with regard to the encoding spec or UTF-8 handling.
Download (untitled) / with headers
text/plain 240b
This issue has been copied to: please take all future correspondence there. This ticket will remain open but please do not reply here. This ticket will be closed when the github issue is dealt with.
Download (untitled) / with headers
text/plain 170b
perlfaq9 now mentions the use of URI::Escape, this entire bug can be closed. The answer could be: Use URI::Escape instead. (and I'm ignoring the UTF-8 issues here).
Resolved as per previous comment

This service is sponsored and maintained by Best Practical Solutions and runs on infrastructure.

Please report any issues with to